diff options
author | Péter Dimitrov <[email protected]> | 2019-06-14 15:53:47 +0200 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-06-14 15:53:47 +0200 |
commit | dca65c70badd3b33903a0535ef2366eecc3e12dc (patch) | |
tree | 6989f3cd54aacc6fc37c42b8169735b574398091 /lib/ssl/src/ssl_handshake.erl | |
parent | b4fb2e5669acb02697d9a9ab168eb0fbff6f370c (diff) | |
download | otp-dca65c70badd3b33903a0535ef2366eecc3e12dc.tar.gz otp-dca65c70badd3b33903a0535ef2366eecc3e12dc.tar.bz2 otp-dca65c70badd3b33903a0535ef2366eecc3e12dc.zip |
ssl: Improve handling of signature algorithms
TLS 1.2 ClientHello caused handshake failure in the TLS 1.2 server
if the signature_algorithms_cert extension contained legacy algorithms.
Update TLS 1.2 server to properly handle legacy signature algorithms
in the signature_algorithms_cert extension.
Update TLS 1.3 client so that it can send legacy algorithms in its
signature_algorithms_cert extension.
Diffstat (limited to 'lib/ssl/src/ssl_handshake.erl')
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index f68d3e9b26..3d2abb714f 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -1186,10 +1186,7 @@ signature_algs_ext(undefined) -> signature_algs_ext(SignatureSchemes0) -> %% The SSL option signature_algs contains both hash-sign algorithms (tuples) and %% signature schemes (atoms) if TLS 1.3 is configured. - %% Filter out all hash-sign tuples when creating the signature_algs extension. - %% (TLS 1.3 specific record type) - SignatureSchemes = lists:filter(fun is_atom/1, SignatureSchemes0), - #signature_algorithms{signature_scheme_list = SignatureSchemes}. + #signature_algorithms{signature_scheme_list = SignatureSchemes0}. signature_algs_cert(undefined) -> undefined; |